Commit graph

667 commits

Author SHA1 Message Date
Simon Butcher fec73a8eec Merge of fix for IOTSSL-481 - Double free
Potential double free in mbedtls_ssl_conf_psk()
2015-10-05 10:40:31 +01:00
Simon Butcher 5b8d1d65f7 Fix for IOTSSL-473 Double free error
Fix potential double-free in mbedtls_ssl_set_hs_psk(.)
2015-10-04 22:06:51 +01:00
Robert Cragie 4feb7ae8c2 Added key export API 2015-10-02 13:33:37 +01:00
Manuel Pégourié-Gonnard ef388f168d Merge branch 'development' into development-restricted
* development:
  Updated ChangeLog with credit
  Fix a fairly common typo in comments
  Make config check include for configs examples more consistent
2015-10-02 12:44:39 +02:00
Simon Butcher 9f81231fb8 Revised hostname length check from review 2015-09-28 19:22:33 +01:00
Manuel Pégourié-Gonnard 24417f06fe Fix potential double-free in mbedtls_ssl_conf_psk() 2015-09-28 18:09:45 +02:00
Simon Butcher 89f77623b8 Added max length checking of hostname 2015-09-27 22:50:49 +01:00
Tillmann Karras 588ad50c5a Fix a fairly common typo in comments 2015-09-25 04:27:22 +02:00
Manuel Pégourié-Gonnard 77c0646ef2 Add cache for EC J-PAKE client extension
Not used yet, just add the variables and cleanup code.
2015-09-17 13:59:49 +02:00
Manuel Pégourié-Gonnard 25dbeb002d Skip certificate-related messages with ECJPAKE 2015-09-16 22:58:29 +02:00
Manuel Pégourié-Gonnard eef142d753 Depend on ECJPAKE key exchange, not module
This is more consistent, as it doesn't make any sense for a user to be able to
set up an EC J-PAKE password with TLS if the corresponding key exchange is
disabled.

Arguably this is what we should de for other key exchanges as well instead of
depending on ECDH_C etc, but this is an independent issue, so let's just do
the right thing with the new key exchange and fix the other ones later. (This
is a marginal issue anyway, since people who disable all ECDH key exchange are
likely to also disable ECDH_C in order to minimize footprint.)
2015-09-16 22:58:29 +02:00
Manuel Pégourié-Gonnard 557535d8c4 Add ECJPAKE key exchange 2015-09-16 22:58:29 +02:00
Simon Butcher 5793e7ef01 Merge 'development' into iotssl-411-port-reuse
Conflicts:
	ChangeLog
2015-09-16 15:25:53 +01:00
Manuel Pégourié-Gonnard 7002f4a560 Add mbedtls_ssl_set_hs_ecjpake_password() 2015-09-16 16:10:48 +02:00
Manuel Pégourié-Gonnard 76cfd3f97f Add EC J-PAKE context in handshake structure 2015-09-15 18:24:08 +02:00
Manuel Pégourié-Gonnard ea5370d4a2 Don't allow reconnect during handshake
Especially for resumed handshake, it's entirely possible for an epoch=0
ClientHello to be retransmitted or arrive so late that the server is already
at epoch=1. There is no good way to detect whether it's that or a reconnect.

However:
- a late ClientHello seems more likely that client going down and then up
  again in the middle of a handshake
- even if that's the case, we'll time out on that handshake soon enough
- we don't want to break handshake flows that used to work
So the safest option is to not treat that as a reconnect.
2015-09-15 15:17:54 +02:00
Simon Butcher d0bf6a3891 Update ssl_tls.c
Clarification in comments
2015-09-11 17:34:49 +01:00
Simon Butcher 74ca8d07ad Update ssl_tls.c
Clarification in comments to ssl_handle_possible_reconnect()
2015-09-11 17:22:40 +01:00
Simon Butcher 0789aed39d Update ssl_tls.c
Typo
2015-09-11 17:15:17 +01:00
Manuel Pégourié-Gonnard ddfe5d20d1 Tune dependencies
Don't depend on srv.c in config.h, but add explicit checks. This is more
in line with other options that only make sense server-side, and also it
allows to test full config minus srv.c more easily.
2015-09-09 12:46:16 +02:00
Manuel Pégourié-Gonnard 2ed05a049a Fix typos 2015-09-09 11:52:28 +02:00
Manuel Pégourié-Gonnard 62c74bb78a Stop wasting resources
Use a custom function that minimally parses the message an creates a reply
without the overhead of a full SSL context.

Also fix dependencies: needs DTLS_HELLO_VERIFY for the cookie types, and let's
also depend on SRV_C as is doesn't make sense on client.
2015-09-09 11:22:52 +02:00
Nicholas Wilson 2088e2ebd9 fix const-ness of argument to mbedtls_ssl_conf_cert_profile
Otherwise, it's impossible to pass in a pointer to
mbedtls_x509_crt_profile_next!
2015-09-08 16:53:18 +01:00
Manuel Pégourié-Gonnard 3f09b6d4c2 Fix API 2015-09-08 11:58:14 +02:00
Manuel Pégourié-Gonnard be619c1264 Clean up error codes 2015-09-08 11:21:21 +02:00
Manuel Pégourié-Gonnard 11331fc25b First working dirty version
- uses too much resources
- wrong API
2015-09-08 10:39:06 +02:00
Manuel Pégourié-Gonnard 9650205df7 Start detecting epoch 0 ClientHellos 2015-09-08 10:39:06 +02:00
Manuel Pégourié-Gonnard 37ff14062e Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
Simon Butcher ed51594337 Merge pull request #265 from ARMmbed/iotssl-460-bugfixes
Iotssl 460 bugfixes
2015-09-02 23:36:36 +01:00
Manuel Pégourié-Gonnard f81ee2eba8 Add NULL checks to top-level SSL functions
On normal use these should never be useful, but if the application has issues,
it's best for us to return an error than to crash.
2015-09-01 17:43:40 +02:00
Manuel Pégourié-Gonnard a2cda6bfaf Add mbedtls_ssl_get_max_frag_len()
This is not very useful for TLS as mbedtls_ssl_write() will automatically
fragment and return the length used, and the application should check for that
anyway, but this is useful for DTLS where mbedtls_ssl_write() returns an
error, and the application needs to be able to query the maximum length
instead of just guessing.
2015-08-31 20:47:04 +02:00
Manuel Pégourié-Gonnard c6b5d833ec Fix handling of long PSK identities
fixes #238
2015-08-31 10:34:26 +02:00
Manuel Pégourié-Gonnard ea35666f50 Fix -Wshadow warnings
Checked that it is supported by gcc 4.2.1 (FreeBSD 9).

fixes #240
2015-08-31 10:34:26 +02:00
Manuel Pégourié-Gonnard c98204e68f Fix missing break in switch for SSL presets
closes #235
2015-08-11 04:21:01 +02:00
Manuel Pégourié-Gonnard 0a8857435c DTLS: treat bad MAC on Finished as an error
This is not required nor recommended by the protocol, and it's a layering
violation, but it's a know flaw in the protocol that you can't detect a PSK
auth error in any other way, so it is probably the right thing to do.

closes #227
2015-08-04 12:11:17 +02:00
Manuel Pégourié-Gonnard 6fb8187279 Update date in copyright line 2015-07-28 17:11:58 +02:00
Manuel Pégourié-Gonnard cb0d212c97 Fix level of some debug messages 2015-07-22 11:52:11 +02:00
Manuel Pégourié-Gonnard 001f2b6246 Use xxx_clone() instead of memcpy() in SSL 2015-07-06 16:54:51 +02:00
Manuel Pégourié-Gonnard c0bf01e8d2 Undo overzealous renaming of internal variables
The rename script couldn't know it was a local variable with the same name as
on of the global functions
2015-07-06 16:26:23 +02:00
Manuel Pégourié-Gonnard b9d64e5bbe Fix missing calls to md/shaxxx_free() 2015-07-06 14:18:56 +02:00
Manuel Pégourié-Gonnard 9de64f5af1 Fix MSVC warnings in library and programs 2015-07-01 16:56:08 +02:00
Manuel Pégourié-Gonnard 0761733c1b Fix potential NULL dereference
We document that either of recv or recv_timeout may be NULL, but for TLS we
always used recv... Thanks Coverity for catching that.
(Not remotely trigerrable: local configuration.)

Also made me notice net_recv_timeout didn't do its job properly.
2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard fd474233c8 Change SSL debug API in the library 2015-06-23 18:44:11 +02:00
Manuel Pégourié-Gonnard 79c4e3ee59 Rm obsolete comments 2015-06-23 18:44:10 +02:00
Manuel Pégourié-Gonnard 14bf7063b9 Add SSL "assertions" to help static analyzers
scan-build was reporting NULL dereferences
2015-06-23 18:44:10 +02:00
Manuel Pégourié-Gonnard cdc26ae099 Add mbedtls_ssl_set_hs_authmode
While at it, fix the following:
- on server with RSA_PSK, we don't want to set flags (client auth happens via
  the PSK, no cert is expected).
- use safer tests (eg == OPTIONAL vs != REQUIRED)
2015-06-22 14:52:40 +02:00
Manuel Pégourié-Gonnard 12ad798c87 Rename ssl_session.length to id_len 2015-06-18 15:50:37 +02:00
Manuel Pégourié-Gonnard 898e0aa210 Rename key_length in cipher_info 2015-06-18 15:31:10 +02:00
Manuel Pégourié-Gonnard b31c5f68b1 Add SSL presets.
No need to use a separate profile as in X.509, everything we need is already
in ssl_config. Just load appropriate values.
2015-06-17 14:59:27 +02:00
Manuel Pégourié-Gonnard 7bfc122703 Implement sig_hashes 2015-06-17 14:34:48 +02:00
Manuel Pégourié-Gonnard 36a8b575a9 Create API for mbedtls_ssl_conf_sig_hashes().
Not implemented yet.
2015-06-17 14:27:39 +02:00
Manuel Pégourié-Gonnard 9d412d872c Small internal changes in curve checking
- switch from is_acceptable to the more usual check
- add NULL check just in case user screwed up config
2015-06-17 14:27:39 +02:00
Manuel Pégourié-Gonnard b541da6ef3 Fix define for ssl_conf_curves()
This is a security feature, it shouldn't be optional.
2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard 6e3ee3ad43 Add mbedtls_ssl_conf_cert_profile() 2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard bd990d6629 Add ssl_conf_dhm_min_bitlen() 2015-06-17 11:37:04 +02:00
Manuel Pégourié-Gonnard 3335205a21 Avoid in-out length in dhm_calc_secret() 2015-06-02 16:17:08 +01:00
Manuel Pégourié-Gonnard cb46fd8216 Avoid non-standard strcasecmp() 2015-05-29 10:18:09 +02:00
Manuel Pégourié-Gonnard 6a8ca33fa5 Rename ERR_xxx_MALLOC_FAILED to ..._ALLOC_FAILED 2015-05-28 16:25:05 +02:00
Manuel Pégourié-Gonnard 1b8de57827 Remove a few redundant memset after calloc.
Using the following semantic patch provided by Mansour Moufid:

@@
expression x;
@@
  x = mbedtls_calloc(...)
  ...
- memset(x, 0, ...);
2015-05-27 16:58:55 +02:00
Manuel Pégourié-Gonnard b2a18a2a98 Remove references to malloc in strings/names 2015-05-27 16:58:55 +02:00
Manuel Pégourié-Gonnard 7551cb9ee9 Replace malloc with calloc
- platform layer currently broken (not adapted yet)
- memmory_buffer_alloc too
2015-05-26 16:04:06 +02:00
Manuel Pégourié-Gonnard 5e94ddebbc Create ssl_internal.h and move some functions 2015-05-26 11:57:05 +02:00
Manuel Pégourié-Gonnard e057d3bf6b Relax some dependencies
- DTLS_HELLO_VERIFY no longer depends on SRV_C
- SSL_COOKIE_C no longer depends on DTLS_HELLO_VERIFY

Not that much work for us, and easier on users (esp. since it allows just
disabling SRV_C alone).
2015-05-20 11:14:57 +02:00
Manuel Pégourié-Gonnard b596abfdc0 Refine cli/srv ifdefs for session tickets
- Only the server needs to generate/parse tickets
- Only the client needs to store them

Also adjust prototype of ssl_conf_session_tickets() while at it.
2015-05-20 11:14:57 +02:00
Manuel Pégourié-Gonnard cf141ca7e7 Fix #ifdefs on ssl_cli.c or ssl_srv.c
Nothing to do with the current branch except I'm going to refine such #ifdefs
for tickets next and I want to start from a clean state
2015-05-20 11:14:57 +02:00
Manuel Pégourié-Gonnard d59675d92c Move to callback for session tickets 2015-05-20 11:14:57 +02:00
Manuel Pégourié-Gonnard b0394bebdb Further adapt prototypes of ticket functions
Moving everything in ticket_keys structure, that will soon become
ticket_context.
2015-05-20 11:14:57 +02:00
Manuel Pégourié-Gonnard 151dc77732 Fix some old names that remained
- most in doxygen doc that was never renamed
- some re-introduced in comments/doc/strings by me
2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard 8473f87984 Rename cipher_init_ctx() to cipher_setup() 2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard 0de074fbc1 Use rarely used conf function to cover them 2015-05-14 12:58:01 +02:00
Manuel Pégourié-Gonnard 66dc5555f0 mbedtls_ssl_conf_arc4_support() depends on ARC4_C 2015-05-14 12:31:10 +02:00
Manuel Pégourié-Gonnard 6ab9b009cd Fix warnings from armcc 2015-05-14 11:37:52 +02:00
Manuel Pégourié-Gonnard 545102ef1d No timer -> to timeout (optional for TLS) 2015-05-13 17:31:48 +02:00
Manuel Pégourié-Gonnard 286a136e63 SSL timer fixes: not DTLS only, start cancelled 2015-05-13 17:18:59 +02:00
Manuel Pégourié-Gonnard e3c41ad8a4 Use the new timer callback API in programs 2015-05-13 10:04:32 +02:00
Manuel Pégourié-Gonnard 2e01291739 Prepare the SSL modules for using timer callbacks 2015-05-13 09:43:39 +02:00
Manuel Pégourié-Gonnard ec4b08957f Fix issue in ssl_free() vs ssl_config_free()
Just an overlook from moving things recently
2015-05-12 12:22:36 +02:00
Manuel Pégourié-Gonnard e6ef16f98c Change X.509 verify flags to uint32_t 2015-05-11 19:54:43 +02:00
Manuel Pégourié-Gonnard 55fab2de5d Fix a few more #ifdef's 2015-05-11 17:54:38 +02:00
Manuel Pégourié-Gonnard 8b431fbbec Fix dependency issues 2015-05-11 14:35:42 +02:00
Manuel Pégourié-Gonnard 06939cebef Fix order of ssl_conf vs ssl_setup in programs
Except ssl_phtread_server that will be done later
2015-05-11 14:35:42 +02:00
Manuel Pégourié-Gonnard 01e5e8c1f8 Change a few ssl_conf return types to void 2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard 6729e79482 Rename ssl_set_xxx() to ssl_conf_xxx() 2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard 22bfa4bb53 Add ssl_set_hs_ca_chain() 2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard 1897af9e93 Make conf const inside ssl_context (finally) 2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard 17a40cd255 Change ssl_own_cert to work on ssl_config 2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard 1af6c8500b Add ssl_set_hs_own_cert() 2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard 8f618a8e65 Rework ssl_set_own_cert() internals 2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard 120fdbdb3d Change ssl_set_psk() to act on ssl_config 2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard 4b68296626 Use a specific function in the PSK callback 2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard 750e4d7769 Move ssl_set_rng() to act on config 2015-05-11 12:33:27 +02:00
Manuel Pégourié-Gonnard 5cb3308e5f Merge contexts for session cache 2015-05-11 12:33:27 +02:00
Manuel Pégourié-Gonnard ae31914990 Rename ssl_legacy_renegotiation() to ssl_set_... 2015-05-11 12:33:27 +02:00
Manuel Pégourié-Gonnard 662c6e8cdd Disable truncated HMAC by default 2015-05-11 12:33:27 +02:00
Manuel Pégourié-Gonnard 1028b74cff Upgrade default DHM params size 2015-05-11 12:33:27 +02:00
Manuel Pégourié-Gonnard 8836994f6b Move WANT_READ/WANT_WRITE codes to SSL 2015-05-11 12:33:26 +02:00
Manuel Pégourié-Gonnard 1b511f93c6 Rename ssl_set_bio_timeout() to set_bio()
Initially thought it was best to keep the old function around and add a new
one, but this so many ssl_set_xxx() functions are changing anyway...
2015-05-11 12:33:26 +02:00
Manuel Pégourié-Gonnard 97fd52c529 Split ssl_set_read_timeout() out of bio_timeout() 2015-05-11 12:33:26 +02:00
Manuel Pégourié-Gonnard bc2b771af4 Move ssl_set_ca_chain() to work on config 2015-05-11 12:33:26 +02:00
Manuel Pégourié-Gonnard ba26c24769 Change how hostname is stored internally 2015-05-07 10:19:14 +01:00
Manuel Pégourié-Gonnard 2b49445876 Move session ticket keys to conf
This is temporary, they will soon be replaced by callbacks.
!!! In this intermediate step security is removed !!!
2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard 684b0592cb Move ssl_set_fallback() to work on conf
Initially thought it would be per-connection, but since max_version is in conf
too, and you need to lower that for a fallback connection, the fallback flag
should be in the same place
2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard 6bf89d6ad9 Move ssl_set_max_fragment_len to work on conf 2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard 17eab2b65c Move set_cbc_record_splitting() to conf 2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard d36e33fc07 Move easy ssl_set_xxx() functions to work on conf
mbedtls_ssl_set_alpn_protocols
mbedtls_ssl_set_arc4_support
mbedtls_ssl_set_authmode
mbedtls_ssl_set_ciphersuites
mbedtls_ssl_set_ciphersuites_for_version
mbedtls_ssl_set_curves
mbedtls_ssl_set_dbg
mbedtls_ssl_set_dh_param
mbedtls_ssl_set_dh_param_ctx
mbedtls_ssl_set_dtls_anti_replay
mbedtls_ssl_set_dtls_badmac_limit
mbedtls_ssl_set_dtls_cookies
mbedtls_ssl_set_encrypt_then_mac
mbedtls_ssl_set_endpoint
mbedtls_ssl_set_extended_master_secret
mbedtls_ssl_set_handshake_timeout
mbedtls_ssl_legacy_renegotiation
mbedtls_ssl_set_max_version
mbedtls_ssl_set_min_version
mbedtls_ssl_set_psk_cb
mbedtls_ssl_set_renegotiation
mbedtls_ssl_set_renegotiation_enforced
mbedtls_ssl_set_renegotiation_period
mbedtls_ssl_set_session_cache
mbedtls_ssl_set_session_ticket_lifetime
mbedtls_ssl_set_sni
mbedtls_ssl_set_transport
mbedtls_ssl_set_truncated_hmac
mbedtls_ssl_set_verify
2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard 419d5ae419 Make endpoint+transport args of config_defaults() 2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard def0bbe3ab Allocate ssl_config out of ssl_setup() 2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard cd523e2a5e Introduce mbedtls_ssl_config_{init,defaults,free}() 2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard 7ca4e4dc79 Move things to conf substructure
A simple series of sed invocations.

This is the first step, purely internal changes. The conf substructure is not
ready to be shared between contexts yet.
2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard 8a81e84638 Merge branch 'mbedtls-1.3' into development
* mbedtls-1.3:
  Add countermeasure against cache-based lucky 13

Conflicts:
	library/ssl_tls.c
2015-04-29 02:13:42 +02:00
Manuel Pégourié-Gonnard 41d479e7df Split ssl_init() -> ssl_setup() 2015-04-29 02:08:34 +02:00
Manuel Pégourié-Gonnard 47fede0d6d Add countermeasure against cache-based lucky 13 2015-04-29 01:35:48 +02:00
Manuel Pégourié-Gonnard e6028c93f5 Fix some X509 macro names
For some reason, during the great renaming, some names that should have been
prefixed with MBEDTLS_X509_ have only been prefixed with MBEDTLS_
2015-04-20 12:19:02 +01:00
Manuel Pégourié-Gonnard e6efa6f54e manually merge 9f98251 make extKeyUsage accessible 2015-04-20 11:23:24 +01:00
Manuel Pégourié-Gonnard 144bc224e9 Merge branch 'mbedtls-1.3' into development
* commit 'a2fce21':
  Fix potential NULL dereference on bad usage

Conflicts:
	library/ssl_tls.c
2015-04-17 20:39:07 +02:00
Manuel Pégourié-Gonnard 9f98251e72 Make results of (ext)KeyUsage accessible 2015-04-17 19:57:21 +02:00
Manuel Pégourié-Gonnard a2fce21ae5 Fix potential NULL dereference on bad usage 2015-04-15 21:04:19 +02:00
Manuel Pégourié-Gonnard 8408a94969 Remove MBEDTLS_ from internal macros 2015-04-09 13:52:55 +02:00
Manuel Pégourié-Gonnard 2cf5a7c98e The Great Renaming
A simple execution of tmp/invoke-rename.pl
2015-04-08 13:25:31 +02:00
Manuel Pégourié-Gonnard 932e3934bd Fix typos & Co 2015-04-03 18:46:55 +02:00
Manuel Pégourié-Gonnard 8c8be1ebbb Change default min TLS version to TLS 1.0 2015-03-31 14:22:30 +02:00
Manuel Pégourié-Gonnard d16df8f60a Cleanup unused bit in ssl
Became unused when removing deprecated ssl_set_own_cert_xxx() functions
2015-03-31 14:04:51 +02:00
Manuel Pégourié-Gonnard fa44f20b9f Change authmode default to Required on client 2015-03-27 17:52:25 +01:00
Manuel Pégourié-Gonnard e960818735 Check return value of the TLS PRF 2015-03-26 11:47:47 +01:00
Manuel Pégourié-Gonnard b7fcca33b9 Make tls1_prf and tls12_prf more efficient
Repeatedly allocating a context and setting the key was a waste
2015-03-26 11:41:28 +01:00
Manuel Pégourié-Gonnard 6890c6b64e Factor tls_prf_sha{256,384} together 2015-03-26 11:11:49 +01:00
Manuel Pégourié-Gonnard abb674467b Rename md_init_ctx() to md_setup() 2015-03-25 21:55:56 +01:00
Manuel Pégourié-Gonnard 4063ceb281 Make hmac_ctx optional
Note from future self: actually md_init_ctx will be re-introduced with the
same signature later, and a new function with the additional argument will be
added.
2015-03-25 21:55:56 +01:00
Manuel Pégourié-Gonnard 7da726bb53 Remove calls to xxx_hmac() from SSL modules 2015-03-25 21:55:56 +01:00
Manuel Pégourié-Gonnard 9a65e80e4f Properly mark ssl_set_bio() as deprecated 2015-03-25 18:09:46 +01:00
Manuel Pégourié-Gonnard c70581c272 Add POLARSSL_DEPRECATED_{WARNING,REMOVED} 2015-03-23 14:11:11 +01:00
Manuel Pégourié-Gonnard 849b174e57 Disable RC4 by default in the library 2015-03-20 19:14:19 +00:00
Manuel Pégourié-Gonnard 47723147f5 Remove functions deprecated in 1.3 2015-03-20 18:21:12 +00:00
Manuel Pégourié-Gonnard 852a6d3d8f Rename ssl.renegotiation to ssl.renego_status 2015-03-19 16:15:20 +00:00
Manuel Pégourié-Gonnard 0db107e4ba Fix pk_can_do() constness issue 2015-03-19 14:01:57 +00:00
Manuel Pégourié-Gonnard 57a26da593 Merge branch 'mbedtls-1.3' into development
* mbedtls-1.3:
  Use link-time garbage collection in memory.sh
  scripts/memory.sh only work on Linux
  Add missing 'const' on selftest data
  Use only headers for doxygen (no doc in C files)
  Add missing extern "C" guard in aesni.h
  Fix compile error with renego disabled
  Remove slow PKCS5 test
  Stop checking key-cert match systematically
  Make tests/*.sh runnable from anywhere
  Update visual C files
2015-03-11 10:30:21 +00:00
Manuel Pégourié-Gonnard f427f8854a Stop checking key-cert match systematically 2015-03-10 15:35:29 +00:00
Manuel Pégourié-Gonnard 69849f8595 Drop renego state from context if no renego support 2015-03-10 11:54:02 +00:00
Manuel Pégourié-Gonnard 7f8099773e Rename include directory to mbedtls 2015-03-10 11:23:56 +00:00
Manuel Pégourié-Gonnard 2f5a1b4e55 Rename SSL_RENEGOTIATION macro
- new name is more explicit
- avoids collision with POLARSSL_SSL_RENEGOTIATION config flag when prefixing
  will be applied
2015-03-09 13:05:06 +00:00
Manuel Pégourié-Gonnard 9b6699066e Fix typos in macro names 2015-03-09 13:05:06 +00:00
Manuel Pégourié-Gonnard 998897be3d Merge branch 'mbedtls-1.3' into development
* mbedtls-1.3:
  Rename website and repository
  Move private macro from header to C file
  Add some missing 'static' on a few objects
  Fix whitespace issues
  Minor portability fix in benchmark
2015-03-06 13:25:41 +00:00
Manuel Pégourié-Gonnard fe44643b0e Rename website and repository 2015-03-06 13:17:10 +00:00
Manuel Pégourié-Gonnard 4e41c99ed8 Merge branch 'development' into dtls
* development:
  Avoid possible dangling pointers

Conflicts:
	library/ssl_tls.c
2015-02-18 10:39:49 +00:00
Manuel Pégourié-Gonnard f7db5e0a4a Avoid possible dangling pointers
If the allocation fails, we don't really want ssl->in_ctr = 8 lying around.
2015-02-18 10:32:41 +00:00
Manuel Pégourié-Gonnard cd4cd1dd26 Merge branch 'development' into dtls
* development:
  Fix the fix to ssl_set_psk()
  Update Changelog
  Finish fixing memleak in ssl_server2 arg parsing
  Fix another potential memory leak found by find-mem-leak.cocci.
  Add a rule for another type of memory leak to find-mem-leak.cocci.
  Fix a potential memory leak found by find-mem-leak.cocci.
  Add a semantic patch to find potential memory leaks.
  Fix whitespace of 369e6c20.
  Apply the semantic patch rm-malloc-cast.cocci.
  Add a semantic patch to remove casts of malloc.
2015-02-18 10:25:16 +00:00
Manuel Pégourié-Gonnard f45850c493 Fix the fix to ssl_set_psk()
- possible for the first malloc to fail and the second to succeed
- missing = NULL assignment
2015-02-18 10:23:52 +00:00
Manuel Pégourié-Gonnard ac08b543db Merge remote-tracking branch 'rasp/mem-leak' into development
* rasp/mem-leak:
  Fix another potential memory leak found by find-mem-leak.cocci.
  Add a rule for another type of memory leak to find-mem-leak.cocci.
  Fix a potential memory leak found by find-mem-leak.cocci.
  Add a semantic patch to find potential memory leaks.
  Fix whitespace of 369e6c20.
  Apply the semantic patch rm-malloc-cast.cocci.
  Add a semantic patch to remove casts of malloc.

Conflicts:
	programs/ssl/ssl_server2.c
2015-02-18 10:07:22 +00:00
Mansour Moufid f81088bb80 Fix a potential memory leak found by find-mem-leak.cocci. 2015-02-17 13:10:21 -05:00
Manuel Pégourié-Gonnard d901d17817 Merge branch 'development' into dtls
* development: (100 commits)
  Update Changelog for the mem-measure branch
  Fix issues introduced when rebasing
  Fix compile error in memory_buffer_alloc_selftest
  Code cosmetics
  Add curve25519 to ecc-heap.sh
  Add curve25519 to the benchmark program
  Fix compile issue when buffer_alloc not available
  New script ecc-heap.sh
  Fix unused variable issue in some configs
  Rm usunused member in private struct
  Add heap usage for PK in benchmark
  Use memory_buffer_alloc() in benchmark if available
  Only define mode_func if mode is enabled (CBC etc)
  PKCS8 encrypted key depend on PKCS5 or PKCS12
  Disable SRV_C for client measurement
  Output stack+heap usage with massif
  Enable NIST_OPTIM by default for config-suite-b
  Refactor memory.sh
  Adapt memory.sh to config-suite-b
  Adapt mini-client for config-suite-b.h
  ...

Conflicts:
	ChangeLog
	include/polarssl/net.h
	library/Makefile
	library/error.c
	library/ssl_tls.c
	programs/Makefile
	programs/ssl/ssl_client2.c
	programs/ssl/ssl_server2.c
	tests/Makefile
2015-02-16 18:44:39 +00:00